Themify Builder CSRF Vulnerability Affects Versions n/a through 7.0.5
CVE-2024-24872

4.3MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
21 February 2024

What is CVE-2024-24872?

A Cross-Site Request Forgery (CSRF) vulnerability exists in Themify Builder that allows an attacker to perform unauthorized actions on behalf of authenticated users. This can lead to significant security risks, as malicious actions can be executed without the user's consent. This issue impacts versions of Themify Builder from n/a to 7.0.5, making users susceptible to potential exploitation if not addressed.

Affected Version(s)

Themify Builder <= 7.0.5

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dhabaleshwar Das (Patchstack Alliance)
.